In case your ICF will serve only as a HTTPS server, you do not need to do this. In case you want your ABAP server to connect to another web server, this may be of interest. In that case, your ABAP server acts as a client and will receive a server certificate, just like your browser does. While a browser comes with a pre-installed list of CAs, the PSE does not have this. Therefore, ABAP will reject the server certificate received when opening a TLS connection. To make ABAP accept the certificate, either the server certificate must be imported or the CA certificate. Importing each server certificate is not the best approach (number of servers, lifetime, management), importing the CA certificate will make ABAP accept connects too, as long as the received server certificate was issued by this CA.

Transaction: STRUST

Open the SSL server standard PSE and switch to edit mode. Click on import certificate

Select the tab File and give the path to the CA certificate.

Check the information of the certificate.

If everything is OK, add the certificate to the certificate list.

Click save

Result

CA certificate is imported into the PSE. With this, the PSE can validate successfully each certificate received and that is signed by the CA.